This guide describes how to setup and configure an Apache2 server that allows authenticated access to the Subversion server. It assumes you followed the

Step-by-step guide to installing Subversion.

Install Apache 2 Server

Install Apache 2 Package

As you have already installed ipkg to install the Subversion server, you can type the following command to install the Apache 2 server. Issue:

ipkg install apache

ipkg might install some dependencies. Just let it happen.

if you havent allready, you may need to run ipkg install svn to get the required svn modules

Test installation

As the diskstation does already have an Apache server running for its admin web interface and (if you enabled it) the web station, the default HTTP port (80) is already in use. Therefore the additional server's port is set to 8000 per default. Thus, testing
your installation is done by accessing http://<IP of your Diskstation>:8000/. You should see the message
It works! if it worked.

If you get a message similar to Failed to connect make sure the server is running by issuing the following command:

/opt/sbin/apachectl start

Then try again. If the command above caused the output httpd (pid <Number>) already running, refer to the following section (Configure ports), as your Apache server seems to use a different default port.

Configure ports (optional)

As it might be desirable to have the newly installed Apache server use the default port for HTTP access, this section explains how to swap ports with the diskstation's internal Apache.

First open the configuration file of our new Apache server:

vi /opt/etc/apache2/httpd.conf

Search for the line Listen 8000 and change the port to 80 by moving to the end of the line and pressing
x twice. Save the changes by typing :wq and pressing enter.

Now open the user configuration file of the diskstation's Apache server:

vi /usr/syno/apache/conf/httpd.conf-user

Search for the line Listen 80 and change the port to 8000 by moving to the end of the line, pressing
a (append), add the two 0 and quit append mode by pressing
ESC. Save the changes by typing :wq and pressing
Enter.

To make sure both Apaches get restarted properly, just reboot the diskstation:

reboot

Enable SSL (optional)

To enable SSL, open the configuration file of our new Apache server again:

vi /opt/etc/apache2/httpd.conf

Now search for the line

#Include etc/apache2/extra/httpd-ssl.conf

and remove the asterisk (#) at the start (move the cursor over it and press
x). Save and quit (:wq and Enter).

Now you have to provide an SSL server certificate and key. This guide will just use the ones that come with the diskstation. Therefore change to the config directory of our Apache server and create links to the diskstation's certificate files:

cd /opt/etc/apache2
ln -s /usr/syno/etc/ssl/ssl.crt/server.crt
ln -s /usr/syno/etc/ssl/ssl.key/server.key

Now restart the Apache server:

/opt/sbin/apachectl restart

In case the server fails to restart due to missing certificate files, you will have to check the SSL configuration at
/volume1/opt/etc/apache2/extra/httpd-ssl.conf to check where it looks for them. In doubt, specify the following lines (they should already exist, so replace them!) which point to the location where we just put the links to the diskstation's
files to:

SSLCertificateFile "/opt/etc/apache2/server.crt"
SSLCertificateKeyFile "/opt/etc/apache2/server.key"

Configure Subversion access

The Apache server installed comes with the two additional modules required for Subversion access via HTTP(S),
mod_dav and mod_dav_svn. It also provides a configuration template (located at
/opt/etc/apache2/conf.d/mod_dav_svn.conf) for Subversion which we will use.

Enable Subversion

To enable the configuration template we have to edit the Apache server config once more:

vi /opt/etc/apache2/httpd.conf

Now we add the following block (move to the end of the file and press
i to start editing) to include the configuration template:

# Subversion
Include etc/apache2/conf.d/mod_dav_svn.conf

Now we have to add the repository. As it is located at /volume1/svn and thus cannot be reached by our Apache, we have to link to it from within our web folder. This is done by issuing the following commands:

cd /opt/share
ln -s /volume1/svn

Now we edit the configuration template (vi /opt/etc/apache2/conf.d/mod_dav_svn.conf) and make it look like this (by adding the
Location block at the end):

LoadModule dav_svn_module     libexec/mod_dav_svn.so
LoadModule authz_svn_module   libexec/mod_authz_svn.so

#
# Example configuration to enable HTTP access for a Subversion
# repository, "/home/svnroot".
#

#<Location /svn/repos>
#   DAV svn
#   SVNPath /home/svnroot
#
#   # Limit write permission to list of valid users.
#   <LimitExcept GET PROPFIND OPTIONS REPORT>
#      # Require SSL connection for password protection.
#      # SSLRequireSSL
#
#      AuthType Basic
#      AuthName "Authorization Realm"
#      AuthUserFile /path/to/passwdfile
#      Require valid-user
#   </LimitExcept>
#</Location>

<Location /svn>
    DAV svn
    SVNParentPath /opt/share/svn
</Location>

Restart the Apache server to apply the changes:

/opt/sbin/apachectl restart

Now every repository that is located on the server can be reached by accessing
http://<IP of your Diskstation>:8000/svn/<repo name>, for example
http://192.168.0.100:8000/svn/test. This does also apply for the SSL connection, if configured.

Add password protection

As full access to our repositories should most likely not be given to everyone, this section describes how to add password protection. Therefore an
htaccess file is required which contains the users allowed to access the repositories. The following shows the creation of a new htaccess file
svn-auth-file, overwriting any existing one, and adds the user
test. To add users to an existing file, change the
-cm option to -m.

> /opt/sbin/apache-htpasswd -cm /opt/share/svn/svn-auth-file test
New password:
Re-type new password:
Adding password for user test

Now we have to tell the Apache server to use the authentication(s) within the file. Therefore we update the
Location block within the /opt/etc/apache2/conf.d/mod_dav_svn.conf file to look as follows:

<Location /svn>
    DAV svn
    SVNParentPath /opt/share/svn
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /opt/share/svn/svn-auth-file
    Require valid-user
</Location>

This will require authentication with any of the users specified within the file to access the repository. If only write access should be restricted, we have to limit the
Require valid-user option:

<Location /svn>
    DAV svn
    SVNParentPath /opt/share/svn
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /opt/share/svn/svn-auth-file

    #Limit all except read-only HTTP request types
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
    </LimitExcept>
</Location>

Restart the Apache server and test the result:

/opt/sbin/apachectl restart

Known Problems

Permission denied/authentification problems

If you initially followed the
Step-by-step guide to installing Subversion you probably have created the svnowner user and you could use this user also for the apache by adding it to httpd.conf. (I expirienced some problems with the initial configuration where User was set to 'nobody').

vi /opt/etc/apache2/httpd.conf

...

#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User svnowner
Group #-1

...

Further reading

Now that your Subversion is accessible and (possibly) protected, you may want to tweak read/write permissions, maybe even on a repository / folder basis. See
The Subversion Book for further details on that and anything else SVN.

Thanks

I'd like to thank

• Synology for making a product that is so nicely adjustable to one's personal needs, and
• Risto for his
  
  Step-by-step guide to installing Subversion which made my day :-)

--Boris59 19:15, 30 June 2009 (UTC)